Clifford Neuman - ISI/USC
Managing Policy for Coordinated Defense
Mar 24, 2004
Abstract
As currently deployed, computer security is implemented through a collection of point defenses. Firewalls, VPNs, authentication
technologies, and authorization for application servers all use their
own policies, only occasionally administered centrally. In reality,
the organizational rules on which these defenses should base their
actions originate from many places, but changes to the end policies
often fail to implement such rules.
The authorization architecture developed as part of USC's DEFCN
effort, and on which Dr. Neuman's current research is based, allows
policies to originate from multiple sources. These policies express
more than just access policies (whether an action is allowed); they
specify what security services are to be applied when executing an
action and support new security actions such as adaptive audit. The
policies are communicated through multiple mechanisms, including
subscription, and by embedding them in authentication and
authorization credentials issued to users of the system. The DEFCN
architecture enables coordinated implementation of policies across a
wide range of defense mechanisms.
In this talk, Dr. Neuman will discuss activities at USC's Center for
Computer Systems Security in managing distributed policies for large
federated systems.
About the Speaker
Dr. Clifford Neuman is director of the Center for Computer Systems Security at the Information Sciences Institute (ISI) of the University of Southern California (USC), Associate Division Director of the Computer Networks Division at ISI, and a faculty member in the Computer Science Department at USC. Dr. Neuman earned a Bachelor's degree at the Massachusetts Institute of Technology and subsequently worked at Project Athena. He received M.S. and Ph.D. degrees from the University of Washington.
Dr. Neuman conducts research in distributed systems, computer security, and electronic commerce. He is the principal designer of the Kerberos authentication system and architected its use as a basis for distributed authorization. The Kerberos system has served as the basis for many commercial computer security products and, among other deployments, provides user authentication for Microsoft's Windows 2000 and Windows XP. Dr. Neuman also developed the NetCheque
